On 03/05/2014 10:44 AM, Kenneth Lerman wrote:
> On 3/3/2014 12:41 PM, John Kasunich wrote:
>>
>> I agree 110% with John. "sudo make setuid" shouldn't be considered
>> an obstacle.
> sudo make setcap... is probably more appropriate. These days, we can set
> individual capabilities rather than handing out root privileges.
I looked into using setcap recently. That would be ideal, and would
work fine today for RIP builds and manual 'make install' runs.
The stumper is packaging: AFAIK Debian's 'fakeroot' doesn't wrap setcap,
and 'tar' doesn't know how to capture file capabilities. Same goes for
RedHat packaging.
In the meantime, more fine-grained permissions might be had with
appropriate /etc/security/limits.d entries (possibly enough to solve
Seb's buildbot POSIX unit test failures without a setuid binary).
John
------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers
